I installed gnudip (a ddns server) on my server and then added 2 zones for 2 domains so that they are updated dynamically.
I am using CentOS 7, BIND 9
and configured BIND9 as follows
/etc/named.conf root:named
include "/etc/named/gnudip-key";
// zone ddns.domain1.com
zone "ddns.domain1.com" in {
type master;
file "/etc/named/db.ddns.domain1.com";
allow-query {any;};
#allow-update { key gnudip-key;};
update-policy { grant gnudip-key subdomain ddns.domain1.com; };
};
// zone ddns.domain2.com
zone "ddns.domain2.com" in {
type master;
file "/etc/named/db.ddns.domain2.com";
allow-query {any;};
update-policy { grant gnudip-key subdomain ddns.domain2.com; };
};
What is very strange is that I can update domain 1 without problems, either by running the nsupdate command or from the ddns client on another computer, but domain 2 always gives the message Communication with server failed: unexpected error.
When domain2 is updated by the ddns client on another computer, the perl cgi script generates an error message in /var/log/messages, so I then tried to trace it with /usr/bin/nsupdate -v -L 3 -k /opt/gnudip/etc/Kgnudip-key.+157+#####.private. The nsupdate output for the two domains is below; the only difference seems to be the req_response received.
I have enabled, I think, all named logging as per this Stack Overflow question, but I see no log output from named when nsupdate tries to send the command to update domain2
[root@webserver ~]# /usr/bin/nsupdate -v -L 3 -k /opt/gnudip/etc/Kgnudip-key.+157+31541.private
09-Sep-2018 01:55:51.102 dns_requestmgr_create
09-Sep-2018 01:55:51.102 dns_requestmgr_create: 0x7f783cd72010
> update add test1.ddns.domain2.com. 60 A 58.153.241.169
>
09-Sep-2018 01:55:54.039 dns_request_createvia
09-Sep-2018 01:55:54.059 request_render
09-Sep-2018 01:55:54.060 requestmgr_attach: 0x7f783cd72010: eref 1 iref 1
09-Sep-2018 01:55:54.060 mgr_gethash
09-Sep-2018 01:55:54.060 req_send: request 0x7f783cd7a010
09-Sep-2018 01:55:54.060 dns_request_createvia: request 0x7f783cd7a010
09-Sep-2018 01:55:54.060 req_senddone: request 0x7f783cd7a010
09-Sep-2018 01:55:54.258 req_response: request 0x7f783cd7a010: success
09-Sep-2018 01:55:54.258 req_cancel: request 0x7f783cd7a010
09-Sep-2018 01:55:54.258 req_sendevent: request 0x7f783cd7a010
09-Sep-2018 01:55:54.258 dns_request_getresponse: request 0x7f783cd7a010
09-Sep-2018 01:55:54.274 dns_request_createvia
09-Sep-2018 01:55:54.274 request_render
09-Sep-2018 01:55:54.274 requestmgr_attach: 0x7f783cd72010: eref 1 iref 2
09-Sep-2018 01:55:54.274 mgr_gethash
09-Sep-2018 01:55:54.274 dns_request_createvia: request 0x7f783cd7a180
09-Sep-2018 01:55:54.274 dns_request_destroy: request 0x7f783cd7a010
09-Sep-2018 01:55:54.274 req_destroy: request 0x7f783cd7a010
09-Sep-2018 01:55:54.274 requestmgr_detach: 0x7f783cd72010: eref 1 iref 1
09-Sep-2018 01:55:54.446 req_connected: request 0x7f783cd7a180
09-Sep-2018 01:55:54.446 req_send: request 0x7f783cd7a180
09-Sep-2018 01:55:54.446 req_senddone: request 0x7f783cd7a180
09-Sep-2018 01:55:54.706 req_response: request 0x7f783cd7a180: unexpected error
09-Sep-2018 01:55:54.706 req_cancel: request 0x7f783cd7a180
09-Sep-2018 01:55:54.706 req_sendevent: request 0x7f783cd7a180
; Communication with server failed: unexpected error
09-Sep-2018 01:55:54.706 dns_request_destroy: request 0x7f783cd7a180
09-Sep-2018 01:55:54.706 req_destroy: request 0x7f783cd7a180
09-Sep-2018 01:55:54.706 requestmgr_detach: 0x7f783cd72010: eref 1 iref 0
> update add test1.ddns.domain1.com. 60 A 44.44.44.44
>
09-Sep-2018 01:56:13.317 dns_request_createvia
09-Sep-2018 01:56:13.317 request_render
09-Sep-2018 01:56:13.317 requestmgr_attach: 0x7f783cd72010: eref 1 iref 1
09-Sep-2018 01:56:13.317 mgr_gethash
09-Sep-2018 01:56:13.317 req_send: request 0x7f783cd7a180
09-Sep-2018 01:56:13.317 dns_request_createvia: request 0x7f783cd7a180
09-Sep-2018 01:56:13.317 req_senddone: request 0x7f783cd7a180
09-Sep-2018 01:56:13.676 req_response: request 0x7f783cd7a180: success
09-Sep-2018 01:56:13.676 req_cancel: request 0x7f783cd7a180
09-Sep-2018 01:56:13.676 req_sendevent: request 0x7f783cd7a180
09-Sep-2018 01:56:13.676 dns_request_getresponse: request 0x7f783cd7a180
09-Sep-2018 01:56:13.953 dns_request_createvia
09-Sep-2018 01:56:13.953 request_render
09-Sep-2018 01:56:13.953 requestmgr_attach: 0x7f783cd72010: eref 1 iref 2
09-Sep-2018 01:56:13.953 mgr_gethash
09-Sep-2018 01:56:13.953 dns_request_createvia: request 0x7f783cd7a010
09-Sep-2018 01:56:13.953 dns_request_destroy: request 0x7f783cd7a180
09-Sep-2018 01:56:13.953 req_destroy: request 0x7f783cd7a180
09-Sep-2018 01:56:13.953 requestmgr_detach: 0x7f783cd72010: eref 1 iref 1
09-Sep-2018 01:56:13.953 req_connected: request 0x7f783cd7a010
09-Sep-2018 01:56:13.953 req_send: request 0x7f783cd7a010
09-Sep-2018 01:56:13.953 req_senddone: request 0x7f783cd7a010
09-Sep-2018 01:56:13.956 req_response: request 0x7f783cd7a010: success
09-Sep-2018 01:56:13.956 req_cancel: request 0x7f783cd7a010
09-Sep-2018 01:56:13.956 req_sendevent: request 0x7f783cd7a010
09-Sep-2018 01:56:13.956 dns_request_getresponse: request 0x7f783cd7a010
09-Sep-2018 01:56:13.956 dns_request_destroy: request 0x7f783cd7a010
09-Sep-2018 01:56:13.956 req_destroy: request 0x7f783cd7a010
09-Sep-2018 01:56:13.956 requestmgr_detach: 0x7f783cd72010: eref 1 iref 0
Another thing I noticed is that named does not create a jnl file for domain2
[root@webserver ~]# ll /etc/named/db*
-rw-r--r-- 1 named named 470 Sep 9 02:08 /etc/named/db.ddns.domain1.com
-rw-r--r-- 1 named named 2023 Sep 9 01:56 /etc/named/db.ddns.domain1.com.jnl
-rw-r--r-- 1 named named 409 Sep 8 14:30 /etc/named/db.ddns.domain2.com
UPDATE:
After doing some tcpdump, it seems to me that my BIND is actually checking the authoritative server of ddns.domain2.com? Can anyone confirm my guess from the tcpdump log below?
10:03:32.039184 IP (tos 0x0, ttl 64, id 12703, offset 0, flags [none], proto UDP (17), length 69)
webserver.domain2.com.novalocal.unisql-java > google-public-dns-a.google.com.domain: [bad udp cksum 0xda46 -> 0x559a!] 63289+ SOA? t est.ddns.domain2.com. (41)
0x0000: 4500 0045 319f 0000 4011 6f05 92c4 3730 E..E1...@.o...70
0x0010: 0808 0808 07bb 0035 0031 da46 f739 0100 .......5.1.F.9..
0x0020: 0001 0000 0000 0000 0474 6573 7404 6464 .........test.dd
0x0030: 6e73 096a 696d 6d79 6368 6175 0363 6f6d ns.domain2.com
0x0040: 0000 0600 01 .....
10:03:32.040422 IP (tos 0x0, ttl 64, id 12704, offset 0, flags [DF], proto UDP (17), length 66)
webserver.domain2.com.novalocal.43698 > google-public-dns-a.google.com.domain: [bad udp cksum 0xda43 -> 0x9515!] 52323+ PTR? 8.8.8.8 .in-addr.arpa. (38)
0x0000: 4500 0042 31a0 4000 4011 2f07 92c4 3730 E..B1.@.@./...70
0x0010: 0808 0808 aab2 0035 002e da43 cc63 0100 .......5...C.c..
0x0020: 0001 0000 0000 0000 0138 0138 0138 0138 .........8.8.8.8
0x0030: 0769 6e2d 6164 6472 0461 7270 6100 000c .in-addr.arpa...
0x0040: 0001 ..
10:03:32.056769 IP (tos 0x0, ttl 64, id 12710, offset 0, flags [DF], proto UDP (17), length 72)
webserver.domain2.com.novalocal.35893 > google-public-dns-a.google.com.domain: [bad udp cksum 0xda49 -> 0x318c!] 28676+ PTR? 48.55.1 96.146.in-addr.arpa. (44)
0x0000: 4500 0048 31a6 4000 4011 2efb 92c4 3730 E..H1.@.@.....70
0x0010: 0808 0808 8c35 0035 0034 da49 7004 0100 .....5.5.4.Ip...
0x0020: 0001 0000 0000 0000 0234 3802 3535 0331 .........48.55.1
0x0030: 3936 0331 3436 0769 6e2d 6164 6472 0461 96.146.in-addr.a
0x0040: 7270 6100 000c 0001 rpa.....
10:03:32.369258 IP (tos 0x0, ttl 64, id 12722, offset 0, flags [DF], proto UDP (17), length 68)
webserver.domain2.com.novalocal.44932 > google-public-dns-a.google.com.domain: [bad udp cksum 0xda45 -> 0x0ae6!] 14868+ A? dns1.name -services.com. (40)
0x0000: 4500 0044 31b2 4000 4011 2ef3 92c4 3730 E..D1.@.@.....70
0x0010: 0808 0808 af84 0035 0030 da45 3a14 0100 .......5.0.E:...
0x0020: 0001 0000 0000 0000 0464 6e73 310d 6e61 .........dns1.na
0x0030: 6d65 2d73 6572 7669 6365 7303 636f 6d00 me-services.com.
0x0040: 0001 0001 ....
10:03:32.369308 IP (tos 0x0, ttl 64, id 12723, offset 0, flags [DF], proto UDP (17), length 68)
webserver.domain2.com.novalocal.44932 > google-public-dns-a.google.com.domain: [bad udp cksum 0xda45 -> 0x2272!] 8813+ AAAA? dns1.na me-services.com. (40)
0x0000: 4500 0044 31b3 4000 4011 2ef2 92c4 3730 E..D1.@.@.....70
0x0010: 0808 0808 af84 0035 0030 da45 226d 0100 .......5.0.E"m..
0x0020: 0001 0000 0000 0000 0464 6e73 310d 6e61 .........dns1.na
0x0030: 6d65 2d73 6572 7669 6365 7303 636f 6d00 me-services.com.
0x0040: 001c 0001 ....
10:03:32.384349 IP (tos 0x0, ttl 64, id 54949, offset 0, flags [DF], proto TCP (6), length 60)
webserver.domain2.com.novalocal.46589 > 98.124.243.1.domain: Flags [S], cksum 0x1fa1 (incorrect -> 0x132e), seq 49498370, win 29200, options [mss 1460,sackOK,TS val 25206695 ecr 0,nop,wscale 7], length 0
0x0000: 4500 003c d6a5 4000 4006 44a4 92c4 3730 E..<..@.@.D...70
0x0010: 627c f301 b5fd 0035 02f3 4902 0000 0000 b|.....5..I.....
0x0020: a002 7210 1fa1 0000 0204 05b4 0402 080a ..r.............
0x0030: 0180 9fa7 0000 0000 0103 0307 ............
10:03:32.384808 IP (tos 0x0, ttl 64, id 12736, offset 0, flags [DF], proto UDP (17), length 71)
webserver.domain2.com.novalocal.34753 > google-public-dns-a.google.com.domain: [bad udp cksum 0xda48 -> 0xa424!] 1056+ PTR? 1.243.12 4.98.in-addr.arpa. (43)
0x0000: 4500 0047 31c0 4000 4011 2ee2 92c4 3730 E..G1.@.@.....70
0x0010: 0808 0808 87c1 0035 0033 da48 0420 0100 .......5.3.H....
0x0020: 0001 0000 0000 0000 0131 0332 3433 0331 .........1.243.1
0x0030: 3234 0239 3807 696e 2d61 6464 7204 6172 24.98.in-addr.ar
0x0040: 7061 0000 0c00 01 pa.....
10:03:32.555711 IP (tos 0x0, ttl 64, id 54950, offset 0, flags [DF], proto TCP (6), length 52)
webserver.domain2.com.novalocal.46589 > 98.124.243.1.domain: Flags [.], cksum 0x1f99 (incorrect -> 0xf281), seq 49498371, ack 273009 8808, win 229, options [nop,nop,TS val 25206866 ecr 3837409275], length 0
0x0000: 4500 0034 d6a6 4000 4006 44ab 92c4 3730 E..4..@.@.D...70
0x0010: 627c f301 b5fd 0035 02f3 4903 a2ba 0078 b|.....5..I....x
0x0020: 8010 00e5 1f99 0000 0101 080a 0180 a052 ...............R
0x0030: e4ba 37fb ..7.
10:03:32.556097 IP (tos 0x0, ttl 64, id 54951, offset 0, flags [DF], proto TCP (6), length 191)
webserver.domain2.com.novalocal.46589 > 98.124.243.1.domain: Flags [P.], cksum 0x2024 (incorrect -> 0xb1c4), seq 0:139, ack 1, win 2 29, options [nop,nop,TS val 25206867 ecr 3837409275], length 1394771 update [1n] [1au] SOA? domain2.com. ns: test.ddns.domain2.com. [1 m] A 45.45.45.45 ar: gnudip-key. ANY [0s] TSIG hmac-md5.sig-alg.reg.int. fudge=300 maclen=16 origid=4771 error=0 otherlen=0 (137)
0x0000: 4500 00bf d6a7 4000 4006 441f 92c4 3730 E.....@.@.D...70
0x0010: 627c f301 b5fd 0035 02f3 4903 a2ba 0078 b|.....5..I....x
0x0020: 8018 00e5 2024 0000 0101 080a 0180 a053 .....$.........S
0x0030: e4ba 37fb 0089 12a3 2800 0001 0000 0001 ..7.....(.......
0x0040: 0001 096a 696d 6d79 6368 6175 0363 6f6d ...domain2.com
0x0050: 0000 0600 0104 7465 7374 0464 646e 73c0 ......test.ddns.
0x0060: 0c00 0100 0100 0000 3c00 042d 2d2d 2d0a ........<..----.
0x0070: 676e 7564 6970 2d6b 6579 0000 fa00 ff00 gnudip-key......
0x0080: 0000 0000 3a08 686d 6163 2d6d 6435 0773 ....:.hmac-md5.s
0x0090: 6967 2d61 6c67 0372 6567 0369 6e74 0000 ig-alg.reg.int..
0x00a0: 005b 94ef f401 2c00 1015 0e32 6731 1299 .[....,....2g1..
0x00b0: 9df4 da99 68a7 7f7e db12 a300 0000 00 ....h..~.......
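An added example, not part of the original post: a small parser over tcpdump summary lines that reports which server a TSIG-signed dynamic update was sent to and which zone its zone section named. The sample lines are constructed from the capture above (hex rows dropped, wrapped tokens rejoined); the expected server 127.0.0.1 and all function names are assumptions.

```python
import re

# Constructed sample modelled on the capture in the post: one summary line
# per packet, numeric destinations, hex rows omitted.
SAMPLE = """\
10:03:32.039184 IP webserver.1979 > 8.8.8.8.53: 63289+ SOA? test.ddns.domain2.com. (41)
10:03:32.369258 IP webserver.44932 > 8.8.8.8.53: 14868+ A? dns1.name-services.com. (40)
10:03:32.556097 IP webserver.46589 > 98.124.243.1.53: Flags [P.], seq 0:139, ack 1, length 139 4771 update [1n] [1au] SOA? domain2.com. ns: test.ddns.domain2.com. [1m] A 45.45.45.45 ar: gnudip-key. ANY [0s] TSIG hmac-md5.sig-alg.reg.int. (137)
"""

LINE = re.compile(r"^(?P<ts>\S+) IP (?P<src>\S+) > (?P<dst>\S+): (?P<rest>.*)$")
UPDATE = re.compile(r"\bupdate\b.*?SOA\? (?P<zone>\S+) ns: (?P<name>\S+)")
QUERY = re.compile(r"\d+\+ (?P<qtype>[A-Z]+)\? (?P<qname>\S+)")

def strip_port(endpoint):
    """Drop a trailing DNS port ('.53' or tcpdump's '.domain') from host.port."""
    host, _, port = endpoint.rpartition(".")
    return host if port in ("53", "domain") else endpoint

def dns_events(capture):
    """Return (kind, destination, zone_or_qname, updated_name) per DNS packet."""
    events = []
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        dst = strip_port(m["dst"])
        u = UPDATE.search(m["rest"])
        if u:  # dynamic update: the zone section is printed as "SOA? <zone>"
            events.append(("update", dst, u["zone"].rstrip("."), u["name"].rstrip(".")))
            continue
        q = QUERY.search(m["rest"])
        if q:
            events.append((q["qtype"], dst, q["qname"].rstrip("."), None))
    return events

def misrouted_updates(capture, expected_zone, expected_servers):
    """List updates whose zone or destination differs from what was intended."""
    findings = []
    for kind, dst, zone, name in dns_events(capture):
        if kind != "update":
            continue
        problems = []
        if zone != expected_zone:
            problems.append(f"zone section is {zone}, expected {expected_zone}")
        if dst not in expected_servers:  # 127.0.0.1 below is an assumed local BIND
            problems.append(f"sent to {dst}, expected one of {sorted(expected_servers)}")
        if problems:
            findings.append((name, dst, zone, problems))
    return findings
```

Run against the sample with `misrouted_updates(SAMPLE, "ddns.domain2.com", {"127.0.0.1"})`, it reports the update for test.ddns.domain2.com as addressed to zone domain2.com at 98.124.243.1, matching what the capture's last packet shows.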